From 4097ddd5e8c4fae4d95c939222341e5ad5dd6d20 Mon Sep 17 00:00:00 2001
From: Lari Hotari <lhotari@users.noreply.github.com>
Date: Wed, 21 Feb 2024 09:34:29 +0200
Subject: [PATCH] [fix][broker] Support running docker container with gid != 0
 (#22081)

---
 docker/pulsar/Dockerfile | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/docker/pulsar/Dockerfile b/docker/pulsar/Dockerfile
index 4e5885ce55d17..6a0dc0100e7fd 100644
--- a/docker/pulsar/Dockerfile
+++ b/docker/pulsar/Dockerfile
@@ -36,10 +36,14 @@ COPY scripts/install-pulsar-client.sh /pulsar/bin
 
 # The final image needs to give the root group sufficient permission for Pulsar components
 # to write to specific directories within /pulsar
+# The ownership is changed to uid 10000 to allow using a different root group. This is necessary when running the
+# container when gid=0 is prohibited. In that case, the container must be run with uid 10000 with
+# any group id != 0 (for example 10001).
 # The file permissions are preserved when copying files from this builder image to the target image.
 RUN for SUBDIRECTORY in conf data download logs; do \
      [ -d /pulsar/$SUBDIRECTORY ] || mkdir /pulsar/$SUBDIRECTORY; \
-     chmod -R g+w /pulsar/$SUBDIRECTORY; \
+     chmod -R ug+w /pulsar/$SUBDIRECTORY; \
+     chown -R 10000:0 /pulsar/$SUBDIRECTORY; \
      done
 
 ### Create 2nd stage from Ubuntu image